DEV Community

loading...

How to spy a process

shaikhul profile image Shaikhul Islam ・2 min read

Have you ever stuck with a program running for a long time or wondering what the process is doing? No worries! You are not alone, same thing happen me a lot.

Most recently I have to spy on a long running php process to figure out why/where its taking so much time.

Here is my approach to spy any process in linux environment.

Find out the process ID by running a ps command and grep for specific program. In my case it was a php program so I type following:

$ ps aux | grep "some_program.php"
Enter fullscreen mode Exit fullscreen mode

Then strace the process. You need root access.

$ strace -p PID
Enter fullscreen mode Exit fullscreen mode

Don't worry if it dumps a lot in the standard output. It trace all the system calls (read,write,open,close,poll,recvfrom etc) that the process is doing. Look for any interesting pattern.

To see which files are opened by the process you can try lsof command. This helps me to figure out which file paths are used by the program.

$ lsof -p PID
Enter fullscreen mode Exit fullscreen mode

To further debug the process try gdb.
First, attach the program with gdb.

$ gdb -p PID
Enter fullscreen mode Exit fullscreen mode

Now you are in gdb shell. type cont and wait for a while. and then hit ctrl + c to stop it.

> cont
Enter fullscreen mode Exit fullscreen mode

It will stop and return back to gdb shell. Now type bt it will dump the backtrace. I can see some php library function calls.

> bt
Enter fullscreen mode Exit fullscreen mode

These few commands helps me a lot to deep dive into a process and figure out whats going on. This is specially helpful when you don't know much about the underlying codebase.

To learn more about strace check out following two articles.

Discussion (0)

pic
Editor guide